I need help creating DNS records in AWS R53. The Ansible module that I’m looking at assumes I know what to include in the playbook for programmatic access to AWS but I don’t… also, I don’t know if I need to specify the AWS URL or any other required information.
I’m using the amazon.aws.route53 module.
This is my code so far:

```yaml
- name: Set environment variables for AWS credentials
  hosts: localhost
  gather_facts: no
  environment:
    AWS_ACCESS_KEY_ID: "{{ aws_id }}"
    AWS_SECRET_ACCESS_KEY: "{{ aws_key }}"
    AWS_REGION: 'us-east-1'
  tasks:
    - name: Get DNS record from AWS R53
      amazon.aws.route53:
        state: get
        zone: <hosted-zone>
        record: <dns-record>
        #ttl:
        #value:
        #wait:
```
I don’t have much experience with Ansible, any help would be much appreciated!
I’m sorry, I don’t quite understand: "The Ansible module that I’m looking at assumes I know what to include in the playbook for programmatic access to AWS but I don’t" - this is pretty necessary? Generally the rule of thumb for AWS+Ansible is:

1. Do it in AWS CLI (or at least, manually through the AWS Console)
2. Translate it into Ansible Module
So that requires some knowledge of the values you would need to enter. If you don’t know those values, you would have to work with someone at your organization who could provide them to you.
```yaml
- name: Add new.foo.com as an A record with 3 IPs and wait until the changes have been replicated
  amazon.aws.route53:
    state: present
    zone: foo.com
    record: new.foo.com
    type: A
    ttl: 7200
    value: 1.1.1.1,2.2.2.2,3.3.3.3
    wait: true
```
Sorry for the confusion. I understand the examples on the Ansible modules page, just confused about AWS access.
Does this part of my playbook look correct?

```yaml
- name: Set environment variables for AWS credentials
  hosts: localhost
  gather_facts: no
  environment:
    AWS_ACCESS_KEY_ID: "{{ aws_id }}"
    AWS_SECRET_ACCESS_KEY: "{{ aws_key }}"
    AWS_REGION: 'us-east-1'
  tasks:
```
I’m getting this error when running the playbook: `Failed to connect to the host via ssh: ssh: connect to host 127.0.0.1 port 22: Connection refused`
You seem to have an explicit entry for localhost in your inventory which specifies an IP (127.0.0.1), but not `connection: local`. The entry (without `connection: local`) causes Ansible to try to connect to localhost with SSH, which causes the error you reported.
Right, what @felixfontein said for the error you are receiving.
For your environment block, it looks fine, although I personally do it a different way - instead of using Key ID & Secret Key, I use an AWS Profile - I could never get feeding the keys in Ansible tasks working properly myself, although many others use it with no issue.
So mine looks like this, and in my AWS CLI setup on the Ansible Server, I define the profiles as needed.
`environment` isn’t a secure way to pass credentials though. You could use `module_defaults` set at the play/block level instead, like this: amazon.aws/tests/integration/targets/iam_group/tasks/main.yml at stable-7 · ansible-collections/amazon.aws · GitHub. The module options `access_key`, `secret_key`, `session_token` (you could swap those 3 out with `aws_profile` if you go that route) and `region` will be passed to all action plugins and modules in the amazon.aws and community.aws collections.
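Putting the advice in this thread together, as an added example that is not from any of the posts above: a playbook that runs on the controller with `connection: local` (so no SSH to 127.0.0.1), passes credentials through `module_defaults` with a named AWS CLI profile so that no key material sits in the playbook, in `vars`, or in the process environment, and then reads and sets a record. The profile name `route53-ops`, the zone `example.com` and the address `192.0.2.10` are placeholders I chose; the profile must already exist in the controller's AWS CLI configuration.

```yaml
# Added example, not from the thread. Assumes an AWS CLI profile "route53-ops"
# on the controller and a hosted zone "example.com" (both placeholder names).
- name: Manage a Route 53 record with credentials passed via module_defaults
  hosts: localhost
  connection: local          # run on the controller, no SSH to 127.0.0.1
  gather_facts: false
  module_defaults:
    group/aws:               # action group covering amazon.aws and community.aws
      profile: route53-ops   # alias aws_profile; secrets stay in ~/.aws/credentials
      region: us-east-1
  tasks:
    - name: Look up the existing record (read-only, no change is made)
      amazon.aws.route53:
        state: get
        zone: example.com
        record: www.example.com
        type: A
      register: current

    - name: Show what is currently published
      ansible.builtin.debug:
        var: current.set

    - name: Ensure www.example.com is an A record pointing at 192.0.2.10
      amazon.aws.route53:
        state: present
        zone: example.com
        record: www.example.com
        type: A
        ttl: 300
        value: 192.0.2.10
        overwrite: true      # replace an existing record set instead of failing
        wait: true           # block until the change is INSYNC across Route 53
```

Run it with `ansible-playbook route53.yml`; if the profile lacks `route53:ChangeResourceRecordSets` on the zone, the `present` task fails with an AccessDenied error from the API rather than silently doing nothing, which is the permission problem described later in the thread.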
Thanks for the info/suggestions.
I found out the credentials I was using to test the playbook don’t have the right permissions in AWS. Once I sort that out, I plan to use aws_profile method for programmatic access.
Thanks again!